CAPEC-186: Malicious Software Update
CAPEC Version: 3.9
Last Updated: 2023-01-24
Attack Pattern Description
An adversary uses deceptive methods to cause a user or an automated process to download and install dangerous code believed to be a valid update that originates from an adversary controlled source.
Execution Flow
Step 1: Explore
[Identify target] The adversary must first identify what they want their target to be. Because malicious software updates can be carried out in a variety of ways, the adversary will first not only identify a target program, but also what users they wish to target. This attack can be targeted (a particular user or group of users) or untargeted (many different users).
Step 2: Experiment
[Craft a deployment mechanism based on the target] The adversary must craft a deployment mechanism to deploy the malicious software update. This mechanism will differ based on whether the attack is targeted or untargeted.
- Targeted attack: hosting what appears to be a software update, then harvesting actual email addresses for an organization, or generating commonly used email addresses, and then sending spam, phishing, or spear-phishing emails to the organization's users requesting that they manually download and install the malicious software update.
- Targeted attack: Instant Messaging virus payload, which harvests the names from a user's contact list and sends instant messages to those users to download and apply the update.
- Untargeted attack: Spam the malicious update to as many users as possible through unsolicited email, instant messages, or social media messages.
- Untargeted attack: Send phishing emails to as many users as possible and pretend to be a legitimate source suggesting to download an important software update.
- Untargeted attack: Use trojans/botnets to aid in either of the two untargeted attacks.
Step 3: Exploit
[Deploy malicious software update] Using the deployment mechanism from the previous step, the adversary gets a user to install the malicious software update.
Skills Required
Resources Required
- Manual or user-assisted attacks require deceptive mechanisms to trick the user into clicking a link or downloading and installing software. Automated update attacks require the adversary to host a payload and then trigger the installation of the payload code.
Consequences
Scope: Access Control, Availability, Confidentiality
Technical Impact: Execute Unauthorized Commands
Note: Utilize the built-in software update mechanisms of the commercial components to deliver software that could compromise security credentials, enable a denial-of-service attack, or enable tracking.
Mitigations
Validate software updates before installing.
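As an added defender-side illustration of this mitigation (example code written for this page, not part of the CAPEC entry), the updater below authenticates the update manifest before trusting it, refuses rollbacks to an older version, and only then checks the payload against the digest pinned in the manifest. The manifest, payload and key are constructed samples; the HMAC stands in for the asymmetric signature (e.g. Ed25519 over the manifest, verified with a pinned public key) that a production updater would use.

```python
import hashlib
import hmac
import json
from typing import Tuple

# Constructed key for this example only. A real updater verifies an
# asymmetric signature against a public key shipped with the client,
# so a compromised download host cannot mint valid manifests.
MANIFEST_KEY = b"example-manifest-key-not-for-production"


def sign_manifest(manifest: dict, key: bytes = MANIFEST_KEY) -> str:
    """Authenticate the canonical JSON form of the manifest (stand-in for a signature)."""
    body = json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def validate_update(payload: bytes, manifest: dict, manifest_sig: str,
                    installed_version: int, key: bytes = MANIFEST_KEY) -> Tuple[bool, str]:
    """Return (ok, reason). Rejects unauthenticated manifests, rollbacks and tampered payloads."""
    # 1. Authenticate the manifest before trusting any field inside it.
    if not hmac.compare_digest(sign_manifest(manifest, key), manifest_sig):
        return False, "manifest signature mismatch"
    # 2. Anti-rollback: a validly signed but older, vulnerable update is still refused.
    if manifest["version"] <= installed_version:
        return False, f"version {manifest['version']} is not newer than {installed_version}"
    # 3. The payload must match the digest pinned in the authenticated manifest.
    digest = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(digest, manifest["sha256"]):
        return False, "payload digest mismatch"
    return True, "ok"


# Constructed sample update: a genuine payload and its signed manifest.
GOOD_PAYLOAD = b"\x7fELF genuine update v2"
MANIFEST = {"name": "agent", "version": 2,
            "sha256": hashlib.sha256(GOOD_PAYLOAD).hexdigest()}
MANIFEST_SIG = sign_manifest(MANIFEST)

if __name__ == "__main__":
    print(validate_update(GOOD_PAYLOAD, MANIFEST, MANIFEST_SIG, installed_version=1))
    # Swapped payload served under the genuine manifest: digest mismatch.
    print(validate_update(b"malicious", MANIFEST, MANIFEST_SIG, installed_version=1))
    # Manifest edited to match the swapped payload: signature no longer verifies.
    edited = dict(MANIFEST, sha256=hashlib.sha256(b"malicious").hexdigest())
    print(validate_update(b"malicious", edited, MANIFEST_SIG, installed_version=1))
    # Replay of the current version: rejected as a rollback.
    print(validate_update(GOOD_PAYLOAD, MANIFEST, MANIFEST_SIG, installed_version=2))
```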
Example Instances
Using an automated process to download and install dangerous code was a key part of the NotPetya attack [REF-697].
Taxonomy Mappings
| Taxonomy Name | Entry ID | Entry Name |
|---|---|---|
| ATTACK | 1195.002 | Supply Chain Compromise: Compromise Software Supply Chain |